Reference : Elysium: Context-Aware Bytecode-Level Patching to Automatically Heal Vulnerable Smart...
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/51740
Elysium: Context-Aware Bytecode-Level Patching to Automatically Heal Vulnerable Smart Contracts
English
Ferreira Torres, Christof mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN >]
Jonker, Hugo [Open University of the Netherlands]
State, Radu mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN >]
2022
International Symposium on Research in Attacks, Intrusions and Defenses, Limassol, Cyprus 26-28 October 2022
Yes
25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2022)
from 26-10-2022 to 28-10-2022
[en] Ethereum ; smart contracts ; bytecode ; context-aware ; patching
[en] Fixing bugs is easiest by patching source code. However, source code is not always available: only 0.3% of the ∼49M smart contracts that are currently deployed on Ethereum have their source code publicly available. Moreover, since contracts may call functions from other contracts, security flaws in closed-source contracts may affect open-source contracts as well. However, current state-of-the-art
approaches that operate on closed-source contracts (i.e., EVM bytecode), such as EVMPatch and SmartShield, make use of purely hard-coded templates that leverage fix patching patterns. As a result, they cannot dynamically adapt to the bytecode that is being patched, which severely limits their flexibility and scalability. For instance, when patching integer overflows using hard-coded templates, a particular patch template needs to be employed as the bounds to be checked are different for each integer size (i.e., one template for uint256, another template for uint64, etc.).
In this paper, we propose Elysium, a scalable approach towards automatic smart contract repair at the bytecode level. Elysium combines template-based and semantic-based patching by inferring context information from bytecode. Elysium is currently able to patch 7 different types of vulnerabilities in smart contracts automatically and can easily be extended with new templates and new bug-finding tools. We evaluate its effectiveness and correctness using 3 different datasets by replaying more than 500K transactions on patched contracts. We find that Elysium outperforms existing
tools by patching at least 30% more contracts correctly. Finally, we also compare the overhead of Elysium in terms of deployment and transaction cost. In comparison to other tools, we find that generally Elysium minimizes the runtime cost (i.e., transaction cost) up to a factor of 1.7, for only a marginally higher deployment cost, where deployment cost is a one-time cost as compared to the runtime cost.
http://hdl.handle.net/10993/51740
FnR ; FNR13192291 > Christof Ferreira Torres > Blockchain for Finance > Secure Blockchain Technologies For Finance > 01/10/2018 > 31/03/2022 > 2018

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
Elysium_RAID22.pdfAuthor preprint1.08 MBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.